Population processes in cyber system variability

Variability is inherent to cyber systems. Here, we introduce ideas from stochastic population biology to describe the properties of two broad kinds of cyber systems. First, we assume that each of N0 components can be in only one of two states: functional or nonfunctional. We model this situation as a Markov process that describes the transitions between functional and nonfunctional states. We derive an equation for the probability that an individual cyber component is functional and use stochastic simulation to develop intuition about the dynamics of individual cyber components. We introduce a metric of performance of the system of N0 components that depends on the numbers of functional and nonfunctional components. We numerically solve the forward Kolmogorov (or Fokker–Planck) equation for the number of functional components at time t, given the initial number of functional components. We derive a Gaussian approximation for the solution of the forward equation so that the properties of the system with many components can be determined from the transition probabilities of an individual component, allowing scaling to very large systems. Second, we consider the situation in which the operating system (OS) of cyber components is updated in time. We motivate the question of OS in use as a function of the most recent OS release with data from a network of desktop computers. We begin the analysis by specifying a temporal schedule of OS updates and the probability of transitioning from the current OS to a more recent one. We use a stochastic simulation to capture the pattern of the motivating data, and derive the forward equation for the OS of an individual computer at any time. We then include compromise of OSs to compute that a cyber component has an unexploited OS at any time. We conclude that an interdisciplinary approach to the variability of cyber systems can shed new light on the properties of those systems and offers new and exciting ways to understand them.

1. Is the manuscript technically sound, and do the data support the conclusions?
The manuscript must describe a technically sound piece of scientific research with data that supports the conclusions. Experiments must have been conducted rigorously, with appropriate controls, replication, and sample sizes. The conclusions must be drawn appropriately based on the data presented.

Reviewer #1: Yes
Response: We thank the reviewer for an excellent and thorough report. The reviewer clearly understood and appreciated what we have done, and pointed us towards literature that connects with our work.
In the revision, we have cited all of the papers that the reviewer mentions (details below). Furthermore, we have added additional citations to other relevant literature that we found by following the leads given in the papers mentioned by the reviewer.
3. Has the statistical analysis been performed appropriately and rigorously? The PLOS Data policy requires authors to make all data underlying the findings described in their manuscript fully available without restriction, with rare exception (please refer to the Data Availability Statement in the manuscript PDF file). The data should be provided as part of the manuscript or its supporting information, or deposited to a public repository. For example, in addition to summary statistics, the data points behind means, medians and variance measures should be available. If there are restrictions on publicly sharing data-e.g. participant privacy or use of data from a third party-those must be specified.

Reviewer #1: No
Response: In Appendix S1we now include a description of how the data were collected and two Tables that give the raw data and their summaries. In the first code listing in Appendix S4, we give Rscript to generate Fig 2A. The other codes in Appendix S4 reproduce the rest of the results.

Is the manuscript presented in an intelligible fashion and written in standard English?
PLOS ONE does not copyedit accepted manuscripts, so the language in submitted articles must be clear, correct, and unambiguous. Any typographical or grammatical errors should be corrected at revision, so please note any specific errors here.

Reviewer #1: Yes
Response: No response needed, but we have also worked with a professional copyeditor to ensure maximum clarity.

Review Comments to the Author
Please use the space provided to explain your answers to the questions above. You may also include additional comments for the author, including concerns about dual publication, research ethics, or publication ethics. (Please upload your review as an attachment if it exceeds 20,000 characters) Reviewer #1: This paper introduces ideas from stochastic population biology and statistical physics to describe the properties of two broad kinds of cyber systems -(1) the authors consider that each of the N0 components can be in only one of two states (functional or nonfunctional) and they model this situation as a Markov process that describes the transitions between functional and non-functional states; and (2) they consider the situation in which the Operating System (OS) of cyber components is updated in time, they analyze a temporal schedule of OS updates and the probability of transitioning from the current OS to a more recent one via stochastic simulation to capture the pattern of the illustrative data and then derive the forward equation for the OS of a computer at any time. The work is interesting, could prove instrumental for other research contributions in the field and so the reviewer has the following comments and suggestions for improvement: Response: Once again, we thank the reviewer for this excellent summary of our paper and its goals.
1) When it comes to variability, in computing systems there are more than two types like the natural and anthropogenic variability. For example, in "Stochastic communication: A new paradigm for fault-tolerant networks-on-chip" VLSI design 2007 (2007) there is a discussion of transient, intermittent and permanent faults. What is not captured in this variability discussion is the transient version when a component can fail due to a soft error or a just one time error caused by some physical phenomenon but then the cyber component behaves as it should. This is classical in satellite communication due to solar cosmic radiation but it can also take place at sea level du to particle hits, packaging nonidealities or lithography manufacturing errors in the CMOS cyber systems.
Response: This is a good point. In addition to citing the paper mentioned by the referee, we spent time reading additional literature and now begin the abstract "Variability is inherent in cyber systems" and the paper with "Although one wishes it were otherwise, variability is a constitutive property of cyber systems" with 5 supporting references. We eliminated the sentence about classification into natural and anthropogenic.
2) For the discussion of the systems analyzed on pages 4-6 it would be educational and instructive to provide some schematic diagrams to better understand the setup and the developed mathematical analysis. This should also reflect the Markov chain setup, types of states, transition probabilities etc. It is crucial for a reader to understand how the state is defined and can be further extended in other works for other purposes.
Response: This is an excellent suggestion. We added a new Figure 1, showing a visual representation of the first problem that we solve (systems with only two possible states). The new Figure 2 includes the data shown in the previous Figure 1, and shows a visual representation of the second problem that we solve (systems with multiple states that are updated unidirectionally).
3) The prior work of modeling cyber components and cyber-physical systems through concepts from stochastic population biology and statistical physics has been addressed before for various purposes such as modeling communication protocols, fault tolerance, communication / traffic / workloads, buffer sizing, power and thermal management, etc. As the authors can see this has already been considered and actually modeled through a similar formalism in these prior papers -"Constructing compact causal mathematical models for complex dynamics." In Proceedings of the 8th International Conference on Cyber-Physical Systems, pp. 97-107. 2017. and those should be discussed.